www.xcitium.com Open in urlscan Pro
66.135.17.66 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xcitium.com/living-off-the-land-attacks/
Submission Tags: falconsandbox
Submission: On July 19 via api (July 19th 2024, 3:38:25 pm UTC) from US — Scanned from CA

Summary HTTP 58 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 21 IPs in 2 countries across 17 domains to perform 58 HTTP transactions. The main IP is 66.135.17.66, located in Piscataway, United States and belongs to AS-CHOOPA, US. The main domain is www.xcitium.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 18th 2024. Valid for: a year.

This is the only time www.xcitium.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	66.135.17.66 66.135.17.66	20473 (AS-CHOOPA) (AS-CHOOPA)
10	209.85.232.94 209.85.232.94	15169 (GOOGLE) (GOOGLE)
1	104.16.141.209 104.16.141.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	173.194.66.97 173.194.66.97	15169 (GOOGLE) (GOOGLE)
1	18.160.41.112 18.160.41.112	16509 (AMAZON-02) (AMAZON-02)
1	104.17.175.201 104.17.175.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.153.27 172.64.153.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.128.172 104.17.128.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.191.81 99.84.191.81	16509 (AMAZON-02) (AMAZON-02)
1	23.215.0.139 23.215.0.139	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	216.239.38.181 216.239.38.181	15169 (GOOGLE) (GOOGLE)
1	173.194.66.154 173.194.66.154	15169 (GOOGLE) (GOOGLE)
3	142.251.167.94 142.251.167.94	15169 (GOOGLE) (GOOGLE)
2	142.251.167.155 142.251.167.155	15169 (GOOGLE) (GOOGLE)
3 6	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.18.243.108 104.18.243.108	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.167.99 142.251.167.99	15169 (GOOGLE) (GOOGLE)
3	99.84.108.69 99.84.108.69	16509 (AMAZON-02) (AMAZON-02)
1	104.16.117.116 104.16.117.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.32.207.95 13.32.207.95	16509 (AMAZON-02) (AMAZON-02)
58	21

17 66.135.17.66 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 66-135-17-66.constant.com

www.xcitium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 209.85.232.94 (United States)

ASN15169 (GOOGLE, US)
PTR: qt-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.141.209 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 173.194.66.97 (United States)

ASN15169 (GOOGLE, US)
PTR: qo-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-41-112.iad55.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.175.201 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.27 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.128.172 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.191.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-191-81.iad89.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.215.0.139 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-215-0-139.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.38.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.66.154 (United States)

ASN15169 (GOOGLE, US)
PTR: qo-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.167.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.167.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.243.108 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.167.99 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.84.108.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-108-69.iad79.r.cloudfront.net

beacon-v2.helpscout.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.116 (None, )

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.207.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-207-95.iad66.r.cloudfront.net

d3hb14vkzrxvla.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	xcitium.com www.xcitium.com	368 KB
10	gstatic.com fonts.gstatic.com	78 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 www.linkedin.com — Cisco Umbrella Rank: 914	3 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	455 KB
3	helpscout.net beacon-v2.helpscout.net — Cisco Umbrella Rank: 23058	36 KB
3	google.ca www.google.ca — Cisco Umbrella Rank: 9677	191 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	3 KB
3	google.com analytics.google.com — Cisco Umbrella Rank: 238 www.google.com — Cisco Umbrella Rank: 10	128 B
2	cloudfront.net d3hb14vkzrxvla.cloudfront.net	874 B
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1335 script.hotjar.com — Cisco Umbrella Rank: 2017	60 KB
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 5359	1 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 7580	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7189	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5067	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5135	24 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 5414	1 KB
58	17

	Domain	Requested by
17	www.xcitium.com	www.xcitium.com
10	fonts.gstatic.com	www.xcitium.com
5	px.ads.linkedin.com	2 redirects snap.licdn.com www.xcitium.com
5	www.googletagmanager.com	www.xcitium.com www.googletagmanager.com js.hsadspixel.net
3	beacon-v2.helpscout.net	www.xcitium.com beacon-v2.helpscout.net
3	www.google.ca	www.xcitium.com
2	d3hb14vkzrxvla.cloudfront.net	beacon-v2.helpscout.net
2	www.google.com	www.xcitium.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
1	track.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	static.hotjar.com	www.xcitium.com
1	js.hs-scripts.com	www.xcitium.com
58	21

This site contains links to these domains. Also see Links.

Domain
threatmap.xcitium.com
platform-us.xcitium.com
platform.xcitium.com
enterprise.platform.xcitium.com
enterprise-eu.platform.xcitium.com
www.xcitiumacademy.com
help.comodo.com
www.youtube.com
forum.xcitium.com
developers.valkyrie.comodo.com
www.linkedin.com
twitter.com
www.chatsimple.ai

Subject Issuer	Validity	Valid
*.xcitium.com Sectigo RSA Organization Validation Secure Server CA	`2024-05-18` - `2025-05-18`	a year	crt.sh
*.gstatic.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
hs-scripts.com E1	`2024-05-31` - `2024-08-29`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hsadspixel.net E6	`2024-06-14` - `2024-09-12`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.google.ca WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
hubapi.com E6	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.helpscout.net Amazon RSA 2048 M03	`2024-03-18` - `2025-04-15`	a year	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.xcitium.com/living-off-the-land-attacks/
Frame ID: 516BE9678F62B7A9250FEB9FCFBFE1E0
Requests: 59 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

What You Need to Know About Living off the Land Attacks

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

58
Requests

98 %
HTTPS

0 %
IPv6

17
Domains

21
Subdomains

21
IPs

2
Countries

1074 kB
Transfer

2698 kB
Size

19
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://threatmap.xcitium.com/
Title: Threat Map

Search URL Search Domain Scan URL

URL: https://platform-us.xcitium.com/app/login
Title: (US) Xcitium Platform

Search URL Search Domain Scan URL

URL: https://platform.xcitium.com/app/login
Title: (EU) Xcitium Platform

Search URL Search Domain Scan URL

URL: https://enterprise.platform.xcitium.com/login
Title: (US) Xcitium Enterprise Platform

Search URL Search Domain Scan URL

URL: https://enterprise-eu.platform.xcitium.com/login
Title: (EU) Xcitium Enterprise Platform

Search URL Search Domain Scan URL

URL: https://www.xcitiumacademy.com/login
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://help.comodo.com/
Title: Help Guides

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCb3zCCQyxbWiRkvo6p0igUA/videos
Title: Videos

Search URL Search Domain Scan URL

URL: https://forum.xcitium.com/
Title: Forums

Search URL Search Domain Scan URL

URL: https://developers.valkyrie.comodo.com/developers/plugins/
Title: Plugins

Search URL Search Domain Scan URL

URL: https://developers.valkyrie.comodo.com/developers/api
Title: APIs

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/xcitium

Search URL Search Domain Scan URL

URL: https://twitter.com/getxcitium

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@xcitium

Search URL Search Domain Scan URL

URL: https://www.chatsimple.ai/?utm_source=widget&utm_medium=referral
Title: chatsimple

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4656778%26time%3D1721403497709%26url%3Dhttps%253A%252F%252Fwww.xcitium.com%252Fliving-off-the-land-attacks%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&cookiesTest=true&liSync=true

58 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.xcitium.com/living-off-the-land-attacks/ 52 KB
13 KB 178ms
48ms Document
text/html 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: c96d60f1f5842a21800dfcdd329206a01084a863d0f35058d288a7640eaa9003

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 19 Jul 2024 15:38:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: NuCDN/v2.59.21
x-beluga-cache-status: Miss
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
x-beluga-record: bc5d91652c9b878998710a36a3fd256fe6a5555f
x-beluga-response-time: 8 ms
x-beluga-status: 000
x-beluga-trace: 7b960309-d27b-43f1-875e-b4079e80cb8b

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v18/ 47 KB
47 KB 210ms
102ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 14:22:38 GMT
x-content-type-options: nosniff
age: 350139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47728
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jul 2025 14:22:38 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 202ms
96ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 06:32:28 GMT
x-content-type-options: nosniff
age: 32749
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jul 2025 06:32:28 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 157ms
50ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 01:58:16 GMT
x-content-type-options: nosniff
age: 222001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Jul 2025 01:58:16 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 163ms
57ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 06:19:45 GMT
x-content-type-options: nosniff
age: 379112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jul 2025 06:19:45 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 170ms
64ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 06:39:36 GMT
x-content-type-options: nosniff
age: 32321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jul 2025 06:39:36 GMT

GET
H2 200 fontawesome-webfont.woff2
www.xcitium.com/fonts/ 75 KB
76 KB 39ms
37ms Font
application/octet-stream 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/fonts/fontawesome-webfont.woff2
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
last-modified: Tue, 04 Jun 2024 13:14:12 GMT
server: NuCDN/v2.59.21
etag: "665f1324-12d68"
content-type: application/octet-stream
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: d3217f0d-e028-418e-bc01-5e82937b3734
content-length: 77160
x-beluga-record: 76596f120e0b06d2e59aafe4d2519162155fb6ff
expires: Thu, 05 Dec 2024 22:25:19 GMT

GET
H2 200 bootstrap-5.min.css
www.xcitium.com/css/ 152 KB
22 KB 118ms
116ms Stylesheet
text/css 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/css/bootstrap-5.min.css
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 33cea6bdeefd252e24c44330f0584053bf3e958be57b320e0cef87a06e2a9ae9

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Sat, 13 Jul 2024 00:39:13 GMT
server: NuCDN/v2.59.21
etag: "6691ccb1-25fe3"
content-type: text/css
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 3387cf85-5e1a-496b-b6c8-dc28dddd3b2d
x-beluga-record: d92731dd81ada58980edcb5571eb289200997f27
expires: Mon, 15 Jul 2024 15:23:12 GMT

GET
H2 200 font-awesome.min.css
www.xcitium.com/css/ 29 KB
6 KB 116ms
115ms Stylesheet
text/css 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/css/font-awesome.min.css
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 843ee632a69ddb2b75c39b1a4355e0d77335d844afa9d27e032fc26b9dc6e9d4

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Sat, 13 Jul 2024 00:39:13 GMT
server: NuCDN/v2.59.21
etag: "6691ccb1-7273"
content-type: text/css
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 78de667a-7799-4988-a38f-79bd6720d05e
x-beluga-record: 56dc5c802d0e691135eff1306caf8b4c0f49e5df
expires: Mon, 15 Jul 2024 15:23:12 GMT

GET
H2 200 silo-style.min.css
www.xcitium.com/css/ 43 KB
8 KB 114ms
113ms Stylesheet
text/css 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/css/silo-style.min.css
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 17d569a2978f9c1ead19e8c7ebc1cec3a2cc42cd4baa614047f1664ebbb920d1

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Sat, 13 Jul 2024 00:39:13 GMT
server: NuCDN/v2.59.21
etag: "6691ccb1-acb1"
content-type: text/css
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 1 ms
x-beluga-status: 003
x-beluga-trace: cb7fd988-e357-46d7-a554-eb7d2ee276b2
x-beluga-record: 6ddf218525fe9984ed4c18262e78cb87e1bad327
expires: Thu, 18 Jul 2024 21:11:20 GMT

GET
H2 200 exit-popup-min.css
www.xcitium.com/css/ 10 KB
2 KB 39ms
37ms Stylesheet
text/css 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/css/exit-popup-min.css
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 55d5c839da5019a25bb101717cbfc9c2b51242ca1c72de30ff9832d0d1c3e70f

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Sat, 13 Jul 2024 00:39:13 GMT
server: NuCDN/v2.59.21
etag: "6691ccb1-27a9"
content-type: text/css
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: b5950d90-3ef1-4a79-b1fa-f4d433196092
content-length: 2243
x-beluga-record: 1490f26176e8b3621f278c4139643021339bdd9a
expires: Mon, 15 Jul 2024 04:24:25 GMT

GET
H2 200 xcidium-intro-video.webp
www.xcitium.com/images/ 12 KB
12 KB 39ms
36ms Image
image/webp 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xcitium.com/images/xcidium-intro-video.webp
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: aadf1df492a5e6e119efb19ff484c032f0f334f7f4f2fcadd01e321bc9521742

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-30c0"
content-type: image/webp
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 1ffe625e-aa45-4be5-966f-1d882cb5ab95
content-length: 12480
x-beluga-record: 6191cb6e7a27f2827778f44d929d8b65ef4cabc7
expires: Thu, 05 Dec 2024 22:27:06 GMT

GET
H2 200 Xcitium-Logo.svg
www.xcitium.com/images/ 51 KB
51 KB 52ms
51ms Image
image/svg+xml 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xcitium.com/images/Xcitium-Logo.svg
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 9626463ac1430e530f9b2ea5d1554742577eff894e8d3a93cd45caf76f87afc9

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
last-modified: Tue, 04 Jun 2024 13:14:12 GMT
server: NuCDN/v2.59.21
etag: "665f1324-cbcd"
content-type: image/svg+xml
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 67f54d9d-fba5-450f-8b9a-ebac9fc70656
content-length: 52173
x-beluga-record: 2ee90530d86188548c65f9dd844f4ff72ec8df2d
expires: Thu, 05 Dec 2024 22:25:19 GMT

GET
H2 200 39941697.js Show response
js.hs-scripts.com/ 1 KB
1 KB 195ms
137ms Script
application/javascript 104.16.141.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/39941697.js

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.141.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd4f199913742fb95f190532cf09c0e216f069840d6ea09d4e227bc771ef2a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ff607454-63c6-4422-930a-d0cac30a7f52
x-envoy-upstream-service-time: 30
content-length: 584
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ff607454-63c6-4422-930a-d0cac30a7f52
last-modified: Fri, 19 Jul 2024 15:28:27 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.xcitium.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-l5zck
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 8a5bcc320edeac34-YYZ
expires: Fri, 19 Jul 2024 15:39:47 GMT

GET
H2 200 jquery.min.js Show response
www.xcitium.com/js/vendor/ 82 KB
29 KB 102ms
100ms Script
application/javascript 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/js/vendor/jquery.min.js
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 7682ae16052155906f82c882564658da00e3f9bf19eadf56cfe13f44c0c3d308

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-1495f"
content-type: application/javascript
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 89f3a87c-6300-411b-aca9-1b49d1805c3d
x-beluga-record: 980924d511d4a6e006e6260242aace572bab80e8
expires: Thu, 05 Dec 2024 22:32:05 GMT

GET
H2 200 bootstrap-5.min.js Show response
www.xcitium.com/js/ 59 KB
16 KB 41ms
39ms Script
application/javascript 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/js/bootstrap-5.min.js
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-eab9"
content-type: application/javascript
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 1 ms
x-beluga-status: 003
x-beluga-trace: fbd6ff85-e4c3-4468-b8c1-b88c397db52e
x-beluga-record: 5d11888f07e6f1c8dfab4318e4f7896e542bf12d
expires: Thu, 05 Dec 2024 22:31:36 GMT

GET
H2 200 plugins.js Show response
www.xcitium.com/js/ 3 KB
1 KB 106ms
105ms Script
application/javascript 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/js/plugins.js
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: ba7e001a1400281e75bad35572d8b4ce6631b1d0a978a3d98e232545a12941ad

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-af3"
content-type: application/javascript
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 1 ms
x-beluga-status: 003
x-beluga-trace: 9292eb90-23c8-47eb-93ef-a4aa2f238403
content-length: 1271
x-beluga-record: 801d75a8732c414a4f79a3b549dadfa545d39660
expires: Thu, 05 Dec 2024 22:33:12 GMT

GET
H2 200 main.min.js Show response
www.xcitium.com/js/ 972 B
728 B 39ms
37ms Script
application/javascript 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/js/main.min.js
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: abc134cd45c171f589ddf929b0a5639abdc14aa8f1386e12394d9db8689fc89c

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-3cc"
content-type: application/javascript
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: e20deb76-3972-4f49-90cf-ab2dd1268910
content-length: 520
x-beluga-record: a061adf5d889ad794773983785f3a38b7319213a
expires: Thu, 05 Dec 2024 22:33:11 GMT

GET
H2 200 custom-add.min.js Show response
www.xcitium.com/js/ 1 KB
928 B 41ms
39ms Script
application/javascript 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/js/custom-add.min.js
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 8dfb9327230d2ee3cabfea67fb670bcf7c0c77754111b4cfb0403e0b7d1a96cb

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-562"
content-type: application/javascript
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 5a747432-8361-4c2e-aa9d-92d6bcc5af22
content-length: 775
x-beluga-record: 29fd5776ffc7f7754a276189156aa35d6d9ec226
expires: Thu, 05 Dec 2024 22:33:11 GMT

GET
H2 200 lazysizes.min.js Show response
www.xcitium.com/js/ 8 KB
4 KB 39ms
38ms Script
application/javascript 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/js/lazysizes.min.js
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 3342a0ef5691d423771e3fed260157b8eea2d135ee706f933f01b9dc784c0ad4

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-1ed1"
content-type: application/javascript
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 95267be9-65ae-4c40-a553-9481a05407c3
content-length: 3502
x-beluga-record: 7ca45167aee0bb23cfde6d4d28049e02f20d36e6
expires: Thu, 05 Dec 2024 22:30:59 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 275 KB
94 KB 163ms
62ms Script
application/javascript 173.194.66.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-ML4QVN4

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.66.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

6bd352c858031c1ec91031dadc2ed2c61fec706eb6abcf17133df568c5198ccc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95866
x-xss-protection: 0
last-modified: Fri, 19 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 19 Jul 2024 15:38:17 GMT

GET
H2 200 hotjar-3247177.js Show response
static.hotjar.com/c/ 9 KB
4 KB 207ms
118ms Script
application/javascript 18.160.41.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3247177.js?sv=6

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-41-112.iad55.r.cloudfront.net

Software

Resource Hash

47c4e464f01276fd263c27dfd523810b999d76c8b58bafc90fdbdabb3d056560

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 3718533b4f5d67c52ce24dc2e8ef04b4.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P1
etag: W/0c71f791471cf40509eaa971f28c5b5a
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 7WkJUTPnd_NW1xi-HsM6iUEW-uyGfEG9mO3EdQ9kDR-HpolzlG1ByQ==

GET
DATA 200
OK truncated
/ 231 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c423574c169bcda1bac06d877eb1d94e018b4f2f54c637eb632cd00ebc5d6f5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 231 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
0 0ms
0ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/css/silo-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 01:58:16 GMT
x-content-type-options: nosniff
age: 222001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Jul 2025 01:58:16 GMT

GET
H2 200 fontawesome-webfont.woff2
www.xcitium.com/fonts/ 75 KB
76 KB 37ms
36ms Font
application/octet-stream 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://www.xcitium.com/css/font-awesome.min.css
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
last-modified: Tue, 04 Jun 2024 13:14:12 GMT
server: NuCDN/v2.59.21
etag: "665f1324-12d68"
content-type: application/octet-stream
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 01c5c4d6-0516-4b07-8d4d-4797baecbb6a
content-length: 77160
x-beluga-record: 6e499baabaa1d1998d374da3c579cd6e60738c07
expires: Thu, 05 Dec 2024 22:27:06 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
0 0ms
0ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/css/silo-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 06:39:36 GMT
x-content-type-options: nosniff
age: 32321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jul 2025 06:39:36 GMT

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v18/ 47 KB
0 48ms
48ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/css/silo-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 14:22:38 GMT
x-content-type-options: nosniff
age: 350139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47728
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jul 2025 14:22:38 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
0 1ms
1ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/css/silo-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 06:19:45 GMT
x-content-type-options: nosniff
age: 379112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Jul 2025 06:19:45 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
0 3ms
3ms Font
font/woff2 209.85.232.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/css/silo-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.232.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f94.1e100.net

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
Origin: https://www.xcitium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 06:32:28 GMT
x-content-type-options: nosniff
age: 32749
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jul 2025 06:32:28 GMT

GET
H2 200 living-off-the-land-attacks.png
www.xcitium.com/images/ 48 KB
49 KB 37ms
37ms Image
image/png 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xcitium.com/images/living-off-the-land-attacks.png
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 5677d8798eeea68b0186c5bb057450d36e498d75e06b196be8c62cb1b519154b

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:17 GMT
last-modified: Tue, 04 Jun 2024 13:14:13 GMT
server: NuCDN/v2.59.21
etag: "665f1325-c1c5"
content-type: image/png
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 1 ms
x-beluga-status: 003
x-beluga-trace: 8a39c341-c82d-4c05-8e5d-7f3bc4028f3c
content-length: 49605
x-beluga-record: 7a107a904ef7ddfc5fc7cc1c680a4cbc1fb94edb
expires: Fri, 06 Dec 2024 01:32:56 GMT

GET
H2 200 39941697.js Show response
js.hs-analytics.net/analytics/1721403300000/ 68 KB
24 KB 3535ms
115ms Script
text/javascript 104.17.175.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1721403300000/39941697.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39941697.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.175.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 025aa035249ae038dd8ce39f64c3737c75630e0c290e10c68c18ccfd7c96b1b2

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:20 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: 30D10NRVR74E6GWA
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: eed41531-00c9-4914-9e07-79eb8117ffd4
x-envoy-upstream-service-time: 29
x-amz-id-2: TKiVmyWBfx4Wl6FD37oRtqs51Anugo6W36jyQ3hQEdgcXmC6ZT3XyVL9x4cpj9eV7vQ404KIczqxbRepneAK/jr81CEF9Cbp3hf0kuEq+ug=
x-evy-trace-listener: listener_https
x-request-id: eed41531-00c9-4914-9e07-79eb8117ffd4
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 19 Jul 2024 15:18:19 GMT
server: cloudflare
etag: W/"61e1a74b23dd9205442d157894f88789"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-zmwrp
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8a5bcc487b6139cb-YYZ
expires: Fri, 19 Jul 2024 15:43:20 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/39941697/ 71 KB
26 KB 121ms
63ms Script
text/javascript 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/39941697/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39941697.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 982502d1fb84580ce116ab62a786852d4fe2820d7ae36251394ef29a6c42a58f

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
x-amz-version-id: RNET1zfKcrwkBSz6Q_2F4oiD.3JbStyT
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: H47JG5FDZ27V63WY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 492b4051-6657-4a51-ae16-b80476b071a2
x-envoy-upstream-service-time: 83
x-amz-id-2: EFGwpRFUx0b8eKc8FSnwrHNnwBsYW2VnAXrzl3KW6J+hb9qrli9z9I3ll1BRhc6BwDeHmC0QZ9/GgcSEDOBkQhMM0gKgtS2u
x-evy-trace-listener: listener_https
x-request-id: 492b4051-6657-4a51-ae16-b80476b071a2
x-evy-trace-route-configuration: listener_https/all
last-modified: Sun, 02 Jun 2024 04:03:07 GMT
server: cloudflare
etag: W/"c874a040c845feb7713353c131112c3e"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.xcitium.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8a5bcc334af0abbb-YYZ
expires: Fri, 19 Jul 2024 15:43:17 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 339ms
32ms Script
application/javascript 104.17.128.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39941697.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.128.172 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50a35208d4d64a784109aa95fc4741f204e4035bd304dfa933859fc124c579ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
x-amz-version-id: uYbxvY6weeATqv9c6Wdvv9TcA.mK4yCh
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 06c1d28e93bdae8f6401a12c10b2f570.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 485
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.570/bundles/pixels-release.js&cfRay=8a5bc059584bac27-YYZ
x-cache: Hit from cloudfront
x-hubspot-correlation-id: c91b27a2-4ed6-4d17-8ca0-eaa0bbe88de9
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c91b27a2-4ed6-4d17-8ca0-eaa0bbe88de9
last-modified: Wed, 17 Jul 2024 14:15:10 UTC
server: cloudflare
etag: W/"d0bc1801c348710367f872ece4338c28"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-jxxbv
cf-ray: 8a5bcc34dc6bac9c-YYZ
x-amz-cf-id: gJQJLKAYOT8r78k26WKDsd_HZuvZTa0ytyGRFZK1kc9pksR4KWVJlg==
x-hs-target-asset: adsscriptloaderstatic/static-1.570/bundles/pixels-release.js

GET
H2 200 modules.e4b2dc39f985f11fb1e4.js Show response
script.hotjar.com/ 223 KB
56 KB 3518ms
91ms Script
application/javascript 99.84.191.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3247177.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.191.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-191-81.iad89.r.cloudfront.net

Software

Resource Hash

619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 01 Jul 2024 08:11:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 46aba6b15045c2b494b2c260627fbfda.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C2
age: 1582033
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56291
last-modified: Mon, 01 Jul 2024 08:10:34 GMT
etag: "ca025d2d8ae4b3dc51e058b782590501"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: J0eYQIiJWCny0NMixYjyUq8WsBpL9BWmS0gSFq2CYVBzN88tx-lIQg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 335 KB
109 KB 63ms
62ms Script
application/javascript 173.194.66.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4LTQDQ30RF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-ML4QVN4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.66.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

f5965215fdd3591ccce6ba65c7b4418c8777f1e73ddc8f1fa5b1ab1733e83270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 111051
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 19 Jul 2024 15:38:17 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 136ms
40ms Script
application/javascript 23.215.0.139
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-ML4QVN4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.215.0.139 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-215-0-139.deploy.static.akamaitechnologies.com

Software

Resource Hash

dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 09:18:59 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=79778
accept-ranges: bytes
content-length: 14011

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 238 KB
84 KB 92ms
91ms Script
application/javascript 173.194.66.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1069383447&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-ML4QVN4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.66.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

fa572654ee28d4b4925cb8d6a0b8a78eab66569222302a2500b8b7bd794b7d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86188
x-xss-protection: 0
last-modified: Fri, 19 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 19 Jul 2024 15:38:17 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 374ms
48ms Fetch
text/plain 216.239.38.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-4LTQDQ30RF&gtm=45je47h0v896828315z8896795997za200zb896795997&_p=1721403497212&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1948912785.1721403498&ul=en-ca&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1721403497&sct=1&seg=0&dl=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&dt=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=784&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4LTQDQ30RF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xcitium.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 405ms
51ms Ping
text/plain 173.194.66.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-4LTQDQ30RF&cid=1948912785.1721403498&gtm=45je47h0v896828315z8896795997za200zb896795997&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4LTQDQ30RF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.66.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: qo-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xcitium.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 182ms
135ms Image
image/gif 142.251.167.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-4LTQDQ30RF&cid=1948912785.1721403498&gtm=45je47h0v896828315z8896795997za200zb896795997&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=401110926

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1069383447/ 3 KB
1 KB 151ms
64ms Script
text/javascript 142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069383447/?random=1721403497698&cv=11&fst=1721403497698&bg=ffffff&guid=ON&async=1&gtm=45be47h0v9101670771z8896795997za201zb896795997&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&hn=www.googleadservices.com&frm=0&tiba=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&npa=0&pscdl=noapi&auid=1299748699.1721403498&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1069383447&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

cafe /

Resource Hash

8a540f871fa751e9e3ed4358f99a09c3fb200331c9a643b4c39d368363a342f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1417
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 3592ms
129ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:21 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 02DC75D77AF54962939F84AE6AC9D348 Ref B: YTO01EDGE0817 Ref C: 2024-07-19T15:38:21Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYdm3w07NJaKx3pkAdUUQ==
x-fs-uuid: 00061d9b7c34ecd25a2b1de990075451

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4656778%26time%3D1721403497709%26url%3Dhttps%253A%252F%252Fwww.xcitium.com%252Fli...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&cookiesTest=true&liSync=true

0
163 B

113ms
113ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&cookiesTest=true&liSync=true
Requested by: Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:21 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: C715DD6C3C6B4DE7A5546A38BFF5AF1E Ref B: YTO01EDGE0715 Ref C: 2024-07-19T15:38:21Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYdm3w5nkjlITBAc4g2oA==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Fri, 19 Jul 2024 15:38:21 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYdm3w4KIxqjQNX37OLdQ==
pragma: no-cache
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CD3DF626DAAA417284C78CF5AFDD7A58 Ref B: YTO01EDGE0715 Ref C: 2024-07-19T15:38:21Z
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4656778&time=1721403497709&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 116 B
1 KB 441ms
133ms XHR
application/json 104.18.243.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=39941697

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.243.108 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82c8fab94433d5c5ca73a77ba97a4fd18d27e9b74c2b52f3cdb3c52db73449cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8abe5468-2ac7-4bfc-acbe-0c086eba0dfc
content-encoding: br
x-envoy-upstream-service-time: 37
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8abe5468-2ac7-4bfc-acbe-0c086eba0dfc
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.xcitium.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-8jqlp
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2l6cjoQ7ioNFHh3LSwJt7LVl%2B8b3JNjJMBXF5UanhP85qE994LXEyvM%2FdIVkiniqCBVSaySfSNdvManAYTQxLCU0BnGQyArD305nO5f3MppQqP66M6kihoZLyzkTsScO"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a5bcc36fbde711b-YYZ
access-control-allow-headers: *

GET
H3 200 /
www.google.com/pagead/1p-user-list/1069383447/ 42 B
64 B 148ms
58ms Image
image/gif 142.251.167.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1069383447/?random=1721403497698&cv=11&fst=1721401200000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v9101670771z8896795997za201zb896795997&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&hn=www.googleadservices.com&frm=0&tiba=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&npa=0&pscdl=noapi&auid=1299748699.1721403498&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooL-1P19XW3TWJxTDXaY7dE2GDD2OVKTQ&random=3719377495&rmt_tld=0&ipr=y

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.99 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f99.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1069383447/ 42 B
64 B 57ms
55ms Image
image/gif 142.251.167.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1069383447/?random=1721403497698&cv=11&fst=1721401200000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v9101670771z8896795997za201zb896795997&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&hn=www.googleadservices.com&frm=0&tiba=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&npa=0&pscdl=noapi&auid=1299748699.1721403498&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooL-1P19XW3TWJxTDXaY7dE2GDD2OVKTQ&random=3719377495&rmt_tld=1&ipr=y

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 238 KB
84 KB 61ms
61ms Script
application/javascript 173.194.66.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1069383447

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.66.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e3df109513f821ef16f0a7cbaafa390de082fd20156be04f0fe7c3fe210b3611

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86245
x-xss-protection: 0
last-modified: Fri, 19 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 19 Jul 2024 15:38:18 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 238 KB
84 KB 64ms
64ms Script
application/javascript 173.194.66.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1069383447&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-ML4QVN4

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.66.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

4bc6360c2793a4d9c3e4d6a8dcf5a5294c9871d4607aae791ec06f40019c0493

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86333
x-xss-protection: 0
last-modified: Fri, 19 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 19 Jul 2024 15:38:18 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1069383447/ 3 KB
1 KB 66ms
66ms Script
text/javascript 142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069383447/?random=1721403498404&cv=11&fst=1721403498404&bg=ffffff&guid=ON&async=1&gtm=45be47h0v9101670771za200zb896795997&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&hn=www.googleadservices.com&frm=0&tiba=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1299748699.1721403498&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1069383447

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

cafe /

Resource Hash

ebe656a1e5ddbf1e7412ec87d830e034ee455e67377baa67e4b4222b99788860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1455
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1069383447/ 42 B
64 B 56ms
55ms Image
image/gif 142.251.167.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1069383447/?random=1721403498404&cv=11&fst=1721401200000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v9101670771za200zb896795997&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&hn=www.googleadservices.com&frm=0&tiba=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1299748699.1721403498&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLhEX5-wxob2mdVUY74EvnKkeXbxxpjMhOOPG28y6AJMN95d-8&random=1719980727&rmt_tld=0&ipr=y

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.99 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f99.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1069383447/ 42 B
64 B 57ms
57ms Image
image/gif 142.251.167.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1069383447/?random=1721403498404&cv=11&fst=1721401200000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v9101670771za200zb896795997&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&hn=www.googleadservices.com&frm=0&tiba=What%20You%20Need%20to%20Know%20About%20Living%20off%20the%20Land%20Attacks&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1299748699.1721403498&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLhEX5-wxob2mdVUY74EvnKkeXbxxpjMhOOPG28y6AJMN95d-8&random=1719980727&rmt_tld=1&ipr=y

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/living-off-the-land-attacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Jul 2024 15:38:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 120ms
119ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 19 Jul 2024 15:38:21 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D4BD5E35EEBD4299BEC23B117179ADBC Ref B: YTO01EDGE0715 Ref C: 2024-07-19T15:38:21Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.xcitium.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYdm3w7yOlb1dVRbKBPeg==

GET
H2 200 / Show response
beacon-v2.helpscout.net/ 458 B
902 B 153ms
42ms Script
application/javascript 99.84.108.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon-v2.helpscout.net/

Requested by

Host: www.xcitium.com
URL: https://www.xcitium.com/js/custom-add.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.108.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-108-69.iad79.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f1057217f0193b03f7689e6d5f08fb31d942fd4edf8640737015dc6e45bda624

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:37:00 GMT
content-encoding: gzip
via: 1.1 170a9cb5b4951d3141f3cdf6b50b780c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD79-C2
age: 83
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 327
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 17 Jul 2024 17:16:48 GMT
server: AmazonS3
etag: "26e0db80bcbc36da0edce80cc950c700"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=120, s-maxage=120, public
accept-ranges: bytes
x-amz-cf-id: Oo4d4zgml6_mLEeVHu9BNSujgzJY8HUWPEj3pMHu5LHr8AOsVfaYUg==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 126ms
68ms Image
image/gif 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-ca&bfp=1492354446&v=1.1&a=39941697&rcu=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&pu=https%3A%2F%2Fwww.xcitium.com%2Fliving-off-the-land-attacks%2F&t=What+You+Need+to+Know+About+Living+off+the+Land+Attacks&cts=1721403501643&vi=771fb308ffc84614b7fb8d814f385bc6&nc=true&u=258394901.771fb308ffc84614b7fb8d814f385bc6.1721403501639.1721403501639.1721403501639.1&b=258394901.1.1721403501639&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:38:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 823f6e76-c915-4166-9cbb-bcde306a9932
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 823f6e76-c915-4166-9cbb-bcde306a9932
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhVk24gl%2B4M2doywTpAxSjReEgEOkPuaA0TZukLv5KisvokItXKc1c3Jg5nApmDif%2F9nf0s%2B5Hn4M5grejpxSf5R8Jx9xMBoNILg6oBjfnVU6pi19U7UI%2Bt2gli8gdPJ2irr"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-pkwbj
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8a5bcc4dbc3eab94-YYZ
x-robots-tag: none

GET
H2 200 favicon.ico
www.xcitium.com/ 1014 B
1 KB 37ms
37ms Other
image/x-icon 66.135.17.66
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xcitium.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.135.17.66 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 66-135-17-66.constant.com
Software: NuCDN/v2.59.21 /
Resource Hash: 6a6a8b9848df95851166d734e0fdb90f8e6d7d06c4a6bf364f876b94fd15971b

Request headers

Referer: https://www.xcitium.com/living-off-the-land-attacks/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-beluga-cache-status: Hit (1)
date: Fri, 19 Jul 2024 15:38:21 GMT
last-modified: Tue, 04 Jun 2024 13:14:12 GMT
server: NuCDN/v2.59.21
etag: "665f1324-3f6"
content-type: image/x-icon
x-beluga-node: 00033cad-f4e7-4038-ad94-6be739bfbf74
cache-control: public, no-transform
x-beluga-response-time: 0 ms
x-beluga-status: 003
x-beluga-trace: 9d1eba56-2638-4b3c-9c7d-3b1ef0e0e61c
content-length: 1014
x-beluga-record: 03e68aac990362b2d5ab1e9cad52c9b57dc98b58
expires: Thu, 05 Dec 2024 22:27:09 GMT

GET
H2 200 vendor.5fe8f3bc.js Show response
beacon-v2.helpscout.net/static/js/ 62 KB
23 KB 48ms
48ms Script
application/javascript 99.84.108.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon-v2.helpscout.net/static/js/vendor.5fe8f3bc.js

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.108.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-108-69.iad79.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c615d03cee52e9673053fd8588d0e124a318245eb3e831e8f3a9204c6d3c99f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:36:00 GMT
content-encoding: gzip
via: 1.1 170a9cb5b4951d3141f3cdf6b50b780c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD79-C2
age: 142
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22572
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 17 Jul 2024 17:16:49 GMT
server: AmazonS3
etag: "a3d10a46a82feffc1fa974df28b56f57"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: 0REerb9zSaJA5LAShCDzY9hwvSnORCrepOCKeB7r7VuStz_gZR1pIA==

GET
H2 200 main.ec7c4297.js Show response
beacon-v2.helpscout.net/static/js/ 31 KB
13 KB 57ms
57ms Script
application/javascript 99.84.108.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon-v2.helpscout.net/static/js/main.ec7c4297.js

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.108.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-108-69.iad79.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3e6c2d97ba58d4be612633b75640497150dc636fe9fb2be693bdae95cfe26175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xcitium.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Jul 2024 15:36:00 GMT
content-encoding: gzip
via: 1.1 170a9cb5b4951d3141f3cdf6b50b780c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD79-C2
age: 142
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 12616
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 17 Jul 2024 17:16:49 GMT
server: AmazonS3
etag: "54c56d996ec4ae758094a02efb5c31b3"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: r7rLYYvYpAYTiynTihXlRv_d5xEoIii0BhkH0Rle9ANIBieraDkSng==

GET
H2 404 f4a890d5-f38d-4a1f-a4d5-3834183d48fc Show response
d3hb14vkzrxvla.cloudfront.net/v1/ 118 B
874 B 65ms
65ms XHR
application/json 13.32.207.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/f4a890d5-f38d-4a1f-a4d5-3834183d48fc

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/static/js/vendor.5fe8f3bc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.207.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-207-95.iad66.r.cloudfront.net

Software

Resource Hash

259426542a34051416149160e7b38398b97b4bec3714817012571bbe21520cc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

correlationId: 0d3f67d5-8bb7-428a-bcd1-e66fe7c14047
Helpscout-Release: 2.2.204
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Beacon-Device-ID: 5eab5676-1412-43cc-b3e1-77be0c2abfc2
Referer: https://www.xcitium.com/
Beacon-Device-Instance-ID: 89101ff8-8584-4ef4-8444-06001198bdc3
Helpscout-Origin: Beacon-Embed

Response headers

date: Fri, 19 Jul 2024 15:38:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e58f499d9cd10c42a7ba13215f40c914.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C1
x-cache: Error from cloudfront
x-ratelimit-remaining-ai-ask-hour: 25
x-ratelimit-remaining-identify-hour: 25
x-ratelimit-limit-general-minute: 60
x-ratelimit-remaining-conversations-hour: 10
x-ratelimit-limit-identify-hour: 25
x-ratelimit-remaining-chat-tokens-hour: 25
x-ratelimit-limit-conversations-hour: 10
x-ratelimit-limit-attachments-hour: 10
vary: Origin,Access-Control-Request-Method
content-type: application/json
access-control-allow-origin: https://www.xcitium.com
x-ratelimit-remaining-general-minute: 60
access-control-expose-headers: Resource-ID
access-control-allow-credentials: true
x-ratelimit-remaining-attachments-hour: 10
x-ratelimit-limit-ai-ask-hour: 25
x-amz-cf-id: 8K_3nYId8w6Fqnp4BmHWyShnEZv0EeYaNCFzkCaYUbZN6gsO1YqVcw==
x-ratelimit-limit-chat-tokens-hour: 25

OPTIONS
H2 200 f4a890d5-f38d-4a1f-a4d5-3834183d48fc
d3hb14vkzrxvla.cloudfront.net/v1/ 0
0 1428ms
49ms Preflight 13.32.207.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/f4a890d5-f38d-4a1f-a4d5-3834183d48fc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.207.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-207-95.iad66.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: beacon-device-id,beacon-device-instance-id,correlationid,helpscout-origin,helpscout-release
Access-Control-Request-Method: GET
Origin: https://www.xcitium.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: beacon-device-id, beacon-device-instance-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-methods: GET
access-control-allow-origin: https://www.xcitium.com
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PATCH
content-length: 0
date: Fri, 19 Jul 2024 15:38:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin,Access-Control-Request-Method
via: 1.1 e58f499d9cd10c42a7ba13215f40c914.cloudfront.net (CloudFront)
x-amz-cf-id: uvznaGXikhVN3F1pSkaX_XKi7g0m_MPggJ357n7FT2FWvQlxZyz1ig==
x-amz-cf-pop: IAD66-C1
x-cache: Miss from cloudfront
x-ratelimit-limit-ai-ask-hour: 25
x-ratelimit-limit-attachments-hour: 10
x-ratelimit-limit-chat-tokens-hour: 25
x-ratelimit-limit-conversations-hour: 10
x-ratelimit-limit-general-minute: 60
x-ratelimit-limit-identify-hour: 25
x-ratelimit-remaining-ai-ask-hour: 25
x-ratelimit-remaining-attachments-hour: 10
x-ratelimit-remaining-chat-tokens-hour: 25
x-ratelimit-remaining-conversations-hour: 10
x-ratelimit-remaining-general-minute: 60
x-ratelimit-remaining-identify-hour: 25

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.xcitium.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: fpn5nk0k6git4tobp79bekpjtb
.xcitium.com/	1970-01-21 00:19:39	Name: _gcl_au Value: 1.1.1299748699.1721403498
.xcitium.com/	1970-01-21 07:46:03	Name: _ga_4LTQDQ30RF Value: GS1.1.1721403497.1.0.1721403497.60.0.0
.xcitium.com/	1970-01-21 07:46:03	Name: _ga Value: GA1.1.1948912785.1721403498
.doubleclick.net/	1970-01-21 07:46:03	Name: IDE Value: AHWqTUkHQ_0prQHZwCf3LsV0TeH80iXB-B5oISiOkVT3SVAQZ9NdJZLRpulnkxT2
.xcitium.com/	1970-01-21 06:55:39	Name: _hjSessionUser_3247177 Value: eyJpZCI6IjI2MDVhYjQ1LTI2YzYtNWUxYi05YzZjLWU3OWEyMDI5MzA4MiIsImNyZWF0ZWQiOjE3MjE0MDM1MDEwNDMsImV4aXN0aW5nIjpmYWxzZX0=
.xcitium.com/	1970-01-20 22:10:05	Name: _hjSession_3247177 Value: eyJpZCI6IjQ0NDgwNjYxLWNlNTUtNDIyYy1hYzM4LWQwMGUxYWQ1ODg5YiIsImMiOjE3MjE0MDM1MDEwNDUsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/	1970-01-21 00:19:39	Name: li_sugr Value: 73d74ae8-3d4d-4c54-9bb4-fd27285b8521
.linkedin.com/	1970-01-21 06:55:39	Name: bcookie Value: "v=2&46dfd4e1-7fdb-4bd4-87ab-9ece635c4e07"
.linkedin.com/	1970-01-20 22:11:29	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2838:u=1:x=1:i=1721403501:t=1721489901:v=2:sig=AQHUgJGf1mKNxNL_NRRc8CGHKzmLhg6p"
.linkedin.com/	1970-01-20 22:53:15	Name: UserMatchHistory Value: AQIyGTdGfUde0gAAAZDLpOs6FN2OWe1644osFWYf5eE1DVDJ4mL5p4fXWUmW1-y2Mj_Ip9redxai7A
.linkedin.com/	1970-01-20 22:53:15	Name: AnalyticsSyncHistory Value: AQIVSsh-kpaYNAAAAZDLpOs6G5ZbdkIe_-AmS99DEgYSXlPo6EupfZYAGcc00Md79bklNjpL8rN4_foEwKbGxw
.www.linkedin.com/	1970-01-21 06:55:39	Name: bscookie Value: "v=1&20240719153821c8b87bcd-f015-4280-842c-39bbc31634ddAQE69h2yAhqBFWiW3S_MTFl4AViFqbIS"
.xcitium.com/	1970-01-21 02:29:15	Name: __hstc Value: 258394901.771fb308ffc84614b7fb8d814f385bc6.1721403501639.1721403501639.1721403501639.1
.xcitium.com/	1970-01-21 02:29:15	Name: hubspotutk Value: 771fb308ffc84614b7fb8d814f385bc6
.xcitium.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.xcitium.com/	1970-01-20 22:10:05	Name: __hssc Value: 258394901.1.1721403501639
.hubspot.com/	1970-01-20 22:10:05	Name: __cf_bm Value: fl9bhJWlpoTsxhQcReieAvIbjTj._4jxa.ydMhj4hA0-1721403501-1.0.1.1-zQz.2MCmM.vVeDo6oAabiYh_ZpbWIkSuR9rKt7qxg.qjPeVl6qJzFn5Fg9MC6a85nLLqm7yAMThMh7LhjHXvVA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 89AHYYzGh66pJjPIkfNrAGiFSQcb78GVIHMJM2ejZ28-1721403501756-0.0.1.1-604800000

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other	warning	URL: https://www.xcitium.com/living-off-the-land-attacks/ Message: A preload for 'https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
network	error	URL: https://d3hb14vkzrxvla.cloudfront.net/v1/f4a890d5-f38d-4a1f-a4d5-3834183d48fc Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api.hubapi.com
beacon-v2.helpscout.net
d3hb14vkzrxvla.cloudfront.net
fonts.gstatic.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
px.ads.linkedin.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
track.hubspot.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
www.xcitium.com
104.16.117.116
104.16.141.209
104.17.128.172
104.17.175.201
104.18.243.108
13.107.42.14
13.32.207.95
142.251.167.155
142.251.167.94
142.251.167.99
172.64.153.27
173.194.66.154
173.194.66.97
18.160.41.112
209.85.232.94
216.239.38.181
23.215.0.139
66.135.17.66
99.84.108.69
99.84.191.81
025aa035249ae038dd8ce39f64c3737c75630e0c290e10c68c18ccfd7c96b1b2
0c423574c169bcda1bac06d877eb1d94e018b4f2f54c637eb632cd00ebc5d6f5
17d569a2978f9c1ead19e8c7ebc1cec3a2cc42cd4baa614047f1664ebbb920d1
259426542a34051416149160e7b38398b97b4bec3714817012571bbe21520cc8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3342a0ef5691d423771e3fed260157b8eea2d135ee706f933f01b9dc784c0ad4
33cea6bdeefd252e24c44330f0584053bf3e958be57b320e0cef87a06e2a9ae9
3e6c2d97ba58d4be612633b75640497150dc636fe9fb2be693bdae95cfe26175
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47c4e464f01276fd263c27dfd523810b999d76c8b58bafc90fdbdabb3d056560
4bc6360c2793a4d9c3e4d6a8dcf5a5294c9871d4607aae791ec06f40019c0493
50a35208d4d64a784109aa95fc4741f204e4035bd304dfa933859fc124c579ea
55d5c839da5019a25bb101717cbfc9c2b51242ca1c72de30ff9832d0d1c3e70f
5677d8798eeea68b0186c5bb057450d36e498d75e06b196be8c62cb1b519154b
5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
6a6a8b9848df95851166d734e0fdb90f8e6d7d06c4a6bf364f876b94fd15971b
6bd352c858031c1ec91031dadc2ed2c61fec706eb6abcf17133df568c5198ccc
7682ae16052155906f82c882564658da00e3f9bf19eadf56cfe13f44c0c3d308
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
82c8fab94433d5c5ca73a77ba97a4fd18d27e9b74c2b52f3cdb3c52db73449cc
843ee632a69ddb2b75c39b1a4355e0d77335d844afa9d27e032fc26b9dc6e9d4
8a540f871fa751e9e3ed4358f99a09c3fb200331c9a643b4c39d368363a342f4
8dfb9327230d2ee3cabfea67fb670bcf7c0c77754111b4cfb0403e0b7d1a96cb
90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9626463ac1430e530f9b2ea5d1554742577eff894e8d3a93cd45caf76f87afc9
97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73
982502d1fb84580ce116ab62a786852d4fe2820d7ae36251394ef29a6c42a58f
aadf1df492a5e6e119efb19ff484c032f0f334f7f4f2fcadd01e321bc9521742
abc134cd45c171f589ddf929b0a5639abdc14aa8f1386e12394d9db8689fc89c
ba7e001a1400281e75bad35572d8b4ce6631b1d0a978a3d98e232545a12941ad
c615d03cee52e9673053fd8588d0e124a318245eb3e831e8f3a9204c6d3c99f2
c96d60f1f5842a21800dfcdd329206a01084a863d0f35058d288a7640eaa9003
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd4f199913742fb95f190532cf09c0e216f069840d6ea09d4e227bc771ef2a37
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3df109513f821ef16f0a7cbaafa390de082fd20156be04f0fe7c3fe210b3611
ebe656a1e5ddbf1e7412ec87d830e034ee455e67377baa67e4b4222b99788860
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1057217f0193b03f7689e6d5f08fb31d942fd4edf8640737015dc6e45bda624
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f5965215fdd3591ccce6ba65c7b4418c8777f1e73ddc8f1fa5b1ab1733e83270
fa572654ee28d4b4925cb8d6a0b8a78eab66569222302a2500b8b7bd794b7d7a

www.xcitium.com Open in urlscan Pro 66.135.17.66 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

58 Requests

98 %HTTPS

0 %IPv6

17 Domains

21 Subdomains

21 IPs

2 Countries

1074 kBTransfer

2698 kBSize

19 Cookies

15 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xcitium.com Open in urlscan Pro
66.135.17.66 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

98 %
HTTPS

0 %
IPv6

17
Domains

21
Subdomains

21
IPs

2
Countries

1074 kB
Transfer

2698 kB
Size

19
Cookies

58 HTTP transactions
2 data transactions